In my 2003 domain, I am being requested to set a password policy to require passwords to expire every 4 months, and also require users to change their password on their next login, due to a security issue. In my domain, my OU's are setup by location, then drilled down to city, then the users and computers are in separate sub-domains.
My question is, how do I set this up for my domain? Will I need to set the policy up for loop back? Can I configure this for just a specific OU? Any suggestions on how to move forward? Any advise is much appreciated, and thanks in advance!
Best Answer
To configure the password policy, you should edit the Default Domain Policy for each domain that you want to change this on. This is where the password policy is set.
To make users change passwords at their next logon, you can select all, right click, and select Properties from ADUC and put a check in the box that makes users change passwords at next logon, or you can script it in any number of languages, like batch, PowerShell, or VBscript.